Cybersecurity, Reliability & CIP

Grid, Heal Thyself

Automation technologies promise a reliability revolution.

Utilities are using automation and back-office systems to improve their performance on outage management and service restoration. The next generation of smart-grid technologies promises a revolution in self-healing systems. But first the industry must gain confidence in the technology—and the business case for investment.

A Voice for Smart-Grid Security

Who will oversee the industry’s cyber standards?

Effective security calls for a single organization to set standards that will protect the smart grid. The industry is struggling to reach consensus over authority, scope and funding for its new security apparatus.

A Fine Mess

CIP audits show utilities are just getting started with securing the grid.

Bad news from the front lines in the cyber-security war: Little meaningful progress has been made toward safeguarding the nation’s electric grid from malicious attacks. Initial cyber-security assessments and audits suggest few companies really are ready to implement the first wave of NERC critical infrastructure protection (CIP) standards, despite the fact the utility industry drafted the regulations.

Coming to America

U.S. utilities are gaining valuable lessons from technology developments abroad.

Structural and regulatory factors have allowed utilities in some countries to leapfrog America’s utility industry in terms of technology leadership. But U.S. utilities are learning valuable lessons from international advancements.

Cyber Attack! - Smart-Grid Security

Intelligent power grids present vexing cyber security problems

In a world where streetlights can be used as a weapon, controlling local utility networks becomes more than just a matter of public convenience and necessity. It becomes a matter of public safety and even national security. And in that world, the idea of an inter-networked, automated distribution grid poses troubling questions about cybersecurity vulnerabilities.

Cyber Attack! - Lessons Learned: Aurora Attack

Test gets major media hype, but SCADA vulnerabilities remain

A simulated attack, named the Aurora Generator Test, was carried out in March 2007 by researchers investigating supervisory control and data acquisition (SCADA) system vulnerabilities at utility companies. The experiment involved hackers invading the plant’s control system to change the operating cycle of the generator.

Cyber Attack! - Defining 'Critical Assets'

ERCOT utilities approach CIP compliance from varying perspectives

As proposed by the North American Electric Reliability Corp., the new critical infrastructure protection (CIP) standards charge utilities with identifying their own critical assets and related cyber systems. This approach allows great flexibility for utilities to apply the CIP standards to their particular situations. This will help ensure that their efforts focus on securing critical assets, rather than on complying with an overly prescriptive set of mandates that might or might not yield a secure grid.

Cyber Attack! CIP Goes Live

Utilities are gearing up for cyber security compliance. Will the standards prove worthy?

The NERC CIP standards represent an historic achievement. They include the first mandatory cyber security requirements of their kind to be imposed on a U.S. private-sector industry. Considering the scope and sensitivity of the grid-security issue, developing a set of enforceable standards inevitably would entail a complex and contentious process. From that perspective, NERC, FERC and the industry have made remarkable progress, and their efforts deserve accolades.

Cyber Attack!

Special Report on Cyber Security and CIP Compliance

Utilities are gearing up for compliance with the new CIP standards. NERC, however, has taken a flexible approach to implementation that leaves some companies confused. Can utilities comply by 2009, and will their measures be effective in securing the grid?

Letters to the Editor

Before the hearings started, I felt the number of critical cyber assets for a medium size utility would be on the order of several thousand, not 20 as some major utilities are identifying under the CIP standards. This should be a red flag for the industry.